[nycbug-talk] Change password at next login?
Brian A. Seklecki
lavalamp at spiritual-machines.org
Fri Apr 25 15:48:05 EDT 2008
On Fri, 25 Apr 2008, Tim A. wrote:
> Internal FreeBSD server, no outside access.
pw(8) and login.conf(8). You can expire passwords and accounts after
X days.
> Is there anything else that does this?
>
> Also, is there some way to require a certain level of password complexity?
For LDAP (nss_ldap+pam_ldap), you could enforce strong passwords using a
custom filter, but I have found that 2-factor authentication is much more
successful than strong passwords (which just encourage people to write
them down).
For this, you can use something like Entrust IdentityGuard, in combination
with pam_radius (with fallback to pam_ldap), for two-factor authentication
(grid cards, FOBs), OTP password lists, etc...
~BAS
> Of course, I'd prefer to set up some sort of ssh-key escrow management